Computer Security

Computer Security is a Level 10 course given in Semester 2. See the Course Catalogue entry.
Lectures are held on Mondays and Thursdays at 16:10, in Teviot Lecture Theatre Doorway 5, Medial School, Teviot, Central.
The course lecturers are Myrto Arapinis and Kami Vaniea
The first lecture is on Mon 11th January 2016.

Lecture Slides

Slides will be added below as we go along. The slides from last year will give a good idea about what's coming up. Readings are optional. Unless otherwise noted, readings are from the recommended textbook Security In Computing.

1.	11 Jan.	Introduction to the course Slides: PDF Reading: Chapter 1 - Introduction
2.	14 Jan.	Cyber Essentials Scheme Slides: PDF Reading: Cyber Essentials Scheme: Requirements for basic technical protection from cyber attacks 10 Steps to Cyber Security Summary and Advice Sheets
3.	18 Jan.	Network and internet vulnerabilities Slides: PDF, PPT Reading: Chapter 6.2-6.5 - Network security attacks
4.	21 Jan.	Network defences Slides: PDF Reading: Chapter 6.6, 6.7 - Cryptography in Network security and Firewalls
5.	25 Jan.	Usable security and user training Slides: PDF Reading: Chapter 9.5 - Privacy on the web Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0 by Alma Whitten and J.D. Tygar
6.	28 Jan.	Buffer overflow attacks Slides: PDF, supplemental slides (PDF) illustrating a correct memory access. Reading: Chapter 3.1 - Unintentional Programming Oversights
9.	1 Feb.	Authentication Slides: PDF Reading: Chapter 2.1 - Authentication Chapter 9.3 - Authentication and Privacy
10.	4 Feb.	Access control Slides: PDF and the Shellshock example from lecture. Reading: Chapter 2.2 - Access Control
9.	8 Feb.	Web security: injection attacks Slides: PDF Reading: Chapters 4.2 and 4.3 - Web Attacks
10.	11 Feb.	Web security: session hijacking, XSS, CSRF Slides: PDF Reading: Browser Security Handbook
	15 Feb.	Innovative Learning Week
	18 Feb.	Innovative Learning Week
11.	22 Feb.	Web security: session hijacking, XSS, CSRF cont. Slides: PDF Reading: Browser Security Handbook
12.	25 Feb.	Introduction to secure communications Slides: PDF
13.	29 Feb.	Stream ciphers Slides: PDF
14.	3 Mar.	Block ciphers Slides: PDF
15.	7 Mar.	Hash functions and MACs Slides: PDF Reading: How to store your users' passwords safely
16.	10 Mar.	Asymmetric ciphers Slides: PDF
17.	14 Mar.	Cryptographic protocols (I) Slides: PDF Reading: An attack on the Needham-Schroeder public-key authentication protocol. G. Lowe. Information Processing Letters (November 1995) Breaking and Fixing Public-Key Kerberos. I. Cervesato, A. D. Jaggard, A. Scedrov, J. Tsay, and C. Walstad. ASIAN'06
18.	18 Mar.	Cryptographic protocols (II) Slides: PDF
19.	21 Mar.	Cryptographic protocols (II) Slides: PDF Reading: Renegotiating TLS. M. Ray and S. Dispensa. (November 2009) Formal analysis of SAML 2.0 web browser single sign-on: breaking the SAML-based single sign-on for google apps. A. Armando, R. Carbone, L. Compagna, J. Cullar, and L. Tobarra. FMSE'08 From Multiple Credentials to Browser-Based Single Sign-On: Are We More Secure? A. Armando, R. Carbone, L. Compagna, J. Cullar, G. Pellegrino, and A. Sorniotti. Chapter in Future Challenges in Security and Privacy for Academia and Industry Additional reading: Triple Handshakes and Cookie Cutters: Breaking and Fixing Authentication over TLS. K. Bhargavan, A. Delignat-Lavaud, C. Fournet, A. Pironti, and P. Strub. S& P'14
20.	24 Mar.	Protocols for anonymity Slides: PDF Reading: Crowds: anonymity for Web transactions. M. K. Reiter and A. D. Rubin. ACM Transactions on Information and System Security. Untraceable electronic mail, return addresses, and digital pseudonyms. D. Chaum. Communications of the ACM, February 1981. Tor: The Second-Generation Onion Router. R. Dingledine, N. Mathewson, and P. F. Syverson. USENIX Security Symposium 2004.
21.	28 Mar.	Review

These are lecture slides, not comprehensive notes. You should supplement the slides with notes taken in lectures, and from your own reading. References and specific reading recommendations are given in slides, further guidance is given in lectures. The examinable material consists of what is covered in lectures, tutorials and practicals (unless specifically excluded) and the reading recommended in lectures.

Course resources

Recommended textbook: Security in Computing by Pfleeger, Pfleeger and Margulies
Additional reading & other references.

Tutorials

There are four tutorials. Tutorial groups are managed by the ITO, and will be announced soon.
There are worksheets for the tutorials which will be issued beforehand. You should try each worksheet before the tutorial meeting.

Tutorial Sheet 1 (Networking) will be considered at the Week 3 tutorials starting 25 January. An online version of the Elevation of Privilege card game.
Tutorial Sheet 2 (Web security) will be considered at the Week 5 tutorials starting 8 Febuary. Tutorial solution sheet.
Tutorial Sheet 3 (Web security) will be considered at the Week 8 tutorials starting 7 March. Tutorial solution sheet.
Tutorial Sheet 4 (Cryptography) will be considered at the Week 9 tutorials starting 14th March. Tutorial solution sheet.

Tutorials are based on question sheets which you should use to help guide your own study for the course. Solutions will be issued a while after the question sheets so you can measure your progress. There is not enough time to cover all topics; you should aim to cover remaining topics to a similar depth of knowledge.

Coursework Exercises

There are two assessed coursework exercises, each worth 12.5% of the final mark.

Coursework 1 is due on Feb 26th, 16:00. Answers to Frequently Asked Questions.
Coursework 2 is due on March 25th, 16:00. CW2 solutions.

Exams

Past papers are on the ITO pages.
The only solutions available are those already published.
Older exams include questions on "BAN logic" which has since been removed from the syllabus.

Documents above are in PDF format. Comments, suggestions, corrections are welcomed.
To print course materials, make sure your PDF reader has the correct page size and orientation.

Copyright: except where stated, lecture notes and other course materials are Copyright (C) School of Informatics, University of Edinburgh, and respective authors. Lecture slides prepared by David Aspinall and Myrto Arapinis with additions by Mike Just and Julian Bradfield.
Please respect our rights over this material and contact us if you want to use it in another context.

Home : Teaching : Courses : Cs